CVE-2007-2881

Published May 29, 2007

Last updated 7 years ago

Overview

Description: Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "60F4D3BE-B872-4807-A16E-869763DF27EC",
            "versionEndIncluding": "4.0.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2007-2881
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=536
http://osvdb.org/35841
http://secunia.com/advisories/25405
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102927-1
http://www.kb.cert.org/vuls/id/746889
http://www.securityfocus.com/bid/24165
http://www.securitytracker.com/id?1018130
http://www.vupen.com/english/advisories/2007/1957
https://exchange.xforce.ibmcloud.com/vulnerabilities/34524

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References